Re: What's the netscape problem

• To: Harald.T.Alvestrand@uninett.no
• Subject: Re: What's the netscape problem
• From: Amir Herzberg <amir@watson.ibm.com>
• Date: Fri, 22 Sep 1995 12:55:12 -0400
• Cc: Chuck Yerkes <yerkes_chuck@jpmorgan.com>, www-security@ns2.rutgers.edu
• In-Reply-To: (Your message of Fri, 22 Sep 1995 12:18:52 +0200.) <199509221019.GAA09210@ns2.rutgers.edu>

> Large companies already routinely do crypto work in Switzerland.

Unfortunately, as far as I know (read: our lawyers told me), as long as
the work is done by `a US company or its subsidery', it is still under ITAR.
This obviously puts US companies in disadvantage, and I believe they do their
best to change the situation (but obviously that is not enough).

Companies may certainly have _others_ do the crypto work to integrate with
their products, but this is not so simple, since - as you say - ...
>
> Note that ITAR also covers software that has hooks on which you can
> easily integrate crypto modules (Kerberos, for instance; see the difference
> between the MIT "Bones" distribution and the US-only one), so it's likely
> that more than just the crypto stuff has to be done outside the US.

I'll appreciate any info to the contrary. IBM is a very conservative company,
and if the rules are not as bad as above, I'll like to know of examples...

Thanks, Amir Herzberg

Disclaimer: this is a private message and not an official IBM position.

• Re: What's the netscape problem
• From: Harald.T.Alvestrand@uninett.no

• Previous: Re: Netscape's purported RNG
• Next: Security testing
• Index(es):
  • Index
  • Thread